Documentation ¶
Overview ¶
Package gojtp provides a fast way to validate the JSON and protect against vulnerable JSON content-level attacks (JSON Threat Protection) based on configured properties.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidJSON denotes JSON is Malformed ErrInvalidJSON = errors.New("jtp.MalformedJSON") )
Functions ¶
This section is empty.
Types ¶
type Option ¶
Option Function Parameters to creates verifier
func WithMaxArrayElementCount ¶
WithMaxArrayElementCount Option Specifies the maximum number of entries ( comma delimited values) allowed in an array. zero value disable the check.
func WithMaxContainerDepth ¶
WithMaxContainerDepth Option Specifies the maximum allowed nested containers depth, within a JSON where the containers are objects or arrays. zero value disable the checks
func WithMaxObjectEntryCount ¶
WithMaxObjectEntryCount Option Specifies the maximum number of entries (comma delimited string:value pairs) in a single object zero value disable the checks
func WithMaxObjectKeyLength ¶
WithMaxObjectKeyLength Option Specifies the maximum number of characters (UTF-8 encoded) allowed for a property(key) name within an object. zero value disable the checks
func WithMaxStringLength ¶
WithMaxStringLength Option Specifies the maximum number of characters ( UTF-8 encoded) in a string value. zero value disable the checks
type Verifier ¶
Verifier is the interface that wraps the basic Verify, VerifyBytes and VerifyString methods.
func New ¶
New creates and return an Verifier with passed Option Parameters, with default UTF-8 text encoding.
Example ¶
// with multiple config _, _ = New(WithMaxArrayElementCount(6), WithMaxContainerDepth(7), WithMaxObjectKeyLength(20), WithMaxStringLength(50)) // with single config _, _ = New(WithMaxStringLength(25))
Output:
type Verify ¶
type Verify struct { // Specifies the maximum number of elements allowed in an array. MaxArrayElementCount int // Specifies the maximum allowed containment depth, // where the containers are objects or arrays. JSONContainerDepth int // Specifies the maximum number of entries allowed in an object ObjectEntryCount int // Specifies the maximum string length // allowed for a property name within an object. ObjectKeyLength int // Specifies the maximum length allowed for a string value. StringValueLen int // contains filtered or unexported fields }
Verify Configuration Parameters. Verify must be created with New function.
// with some options _, _ = New( WithMaxArrayElementCount(6), WithMaxContainerDepth(7), WithMaxObjectKeyLength(20), WithMaxStringLength(50), ) // with single option _, _ = New(WithMaxStringLength(25))
Exported variable are for logging and reference.
func (Verify) VerifyBytes ¶
VerifyBytes returns true if the input is valid json, and is JSON THREAT Protection Safe. A successful VerifyBytes returns err == nil, Callers should treat a return of true and nil as only success case.
Example ¶
json := []byte(`{ "simple_string": "hello word", "targets": [ { "req_per_second": 5, "duration_of_time": 1, "utf8Key": "Hello, 世界", "request": { "endpoint": "https://httpbin.org/get", "http_method": "GET", "payload": { "username": "ankur", "password": "ananad" }, "array_value": [ "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstv" ], "additional_header": [ { "header_key": "uuid", "header_value": [ "1", "2" ] } ] } }, { "req_per_second": 10, "duration_of_time": 1, "request": { "endpoint": "https://httpbin.org/post", "http_method": "POST", "payload": { "username": "ankur", "password": "ananad" }, "additional_header": [ { "header_key": "uuid", "header_value": [ "1", "2", "3", "4", "5", "Hello, 世界" ] } ] } } ] } `) verifier1, err := New(WithMaxArrayElementCount(6), WithMaxContainerDepth(7), WithMaxObjectKeyLength(20), WithMaxStringLength(50)) ok, err := verifier1.VerifyBytes(json) verifier2, err := New(WithMaxStringLength(25)) ok, err = verifier2.VerifyBytes(json) fmt.Println(ok, err)
Output: false jtp.maxStringValueLengthReached.Max-[25]-Allowed.Found-[47]